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IT Transformation < 


Infrastructure & Application 


Digital 
Transformation 


Holistic Transformation of 
Business to Digital 


Cloud, Containers, laaS, PaaS, 


OT, lloT, lol, Mobility, Web 
apps, APIs, Mobile Apps 
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Hybrid Cloud Overview Architecture 


à a 
be Шаш с 
= et 
= 0-50 
B- 


aws О 
мә Google Cloud Platform 


Work Stations = ra e 


NETWORKS @ NETWORKS 


Mobile Workforce 


vms Ж” Smic À ES saremera AEQ VMs ЖУ dec À ES  BARE METAL 


docker 


Y redis БЕ West Coast East Coast “С Y redis 
Lans Datacenter Datacenter cents m 


cassandra 


решемс Mi 


STORAGE D@LLEMC п STORAGE 


On-Premise 


Containers 


Real game changer 


Hypervisor disappearing, bare 
metal is back 


Kubernetes Infrastructure-as-code 
Container-as-a-Service AWS Fargate 


AWS Lambda function-as-a-service, 
serverless! 


Kubefed? 


"Priceline" for Containers? 
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DevOps 


This is real and highly contagious 


Developer decides how 
infrastructure runs in production 


Speeds up significantly how fast 
code goes to production 
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On-Prem 


Shrinking Datacenter Footprint 
Increasing OT & Пот 
Corp IT - more distributed & mobile 


More loT! 
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Enterprise 
Mobility !- BYoD 


Enterprise owned handheld devices 
Indispensable to modern business 


Running apps handling sensitive 
business & consumer data 


Mobile! 
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Web Apps & APIs 


Web Apps for the humans 
APIs for the inhumans 


Wide window into all your data 
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SaaS 


More aaS everywhere 
No infrastructure to manage 


No Applications to code or manage 
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SaaS 


| Е.) Lead the charge 
against bloated 5 
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Security 


| 1 a 
DL nM 


IBM PC AT 
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November 13, 1984 


PC Magazine about IBM PC AT 


“The AT provides the first real system for allowing 
executives to sleep at night: 


A hard-to-duplicate ‘tubular’ key locks all but key holders 
out of the system” 
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34 years later 


No magic key = No sleep at night! 
Same challenges x 10 


No visibility across global hybrid 
infrastructure 


Still need to do Vulnerability & 
Configuration management 


Still need to monitor integrity of systems(?) 


More data incoming into “SIEM” 
deployments 


Basically no visibility to respond 


Compliance demands on new infrastructure 
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Future of Security 


Transparent Orchestration 


Built-in Automation the only real 
solution 


Starts in DevOps 


New generation of Security Analytics 
platforms 
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Qualys 
Platform Approach 


Embracing our own Digital 
Transformation 


Massive expansion of backend for 
visibility - 620 Billion security 
datapoints indexed 


Comprehensive coverage of 
sensors - scanners, agents, cloud 
connectors, container sensors, 
passive sniffers and mobile agents 
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Qualys 
Platform Approach 


Extending solutions into 
remediation & response 


Building dedicated Data science 
team 


Rapid expansion of R&D org 


Key technology acquisitions & 
Investments 
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Acquisitions & Investments 


Nevis Passive Scanning & Secure Access Control 
Netwatcher Event Correlation Platform 
1Mobility Enterprise Mobility 
Layered Insight Built-in Runtime Container Security 
42Crunch Investment API Security 


Frog 1 


Frog 2 
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Qualys Cloud Apps 


| ASSET MANAGEMENT | MANAGEMENT 


Asset Inventory CMDB Sync Cloud Inventory Certificate Inventory 


Maintain full, instant visibility of all your Synchronize asset information from Inventory of all your cloud assets across Inventory of TLS/SSL digital certificates on 
global IT assets Qualys into ServiceNow CMDB AWS, Azure, GCP and others a global scale 


Vulnerability Management Threat Protection Continuous Monitoring Indication of Compromise 
Continuously detect and protect against Pinpoint your most critical threats Alerts you in real time about network Continuously monitor endpoints to detect 
attacks, anytime, anywhere and prioritize patching irregularities suspicious activity 

Container Security cra| Certificate Assessment 
Discover, track, and continuously protect Assess all your digital certificates for TLS/ 
containers SSL vulnerabilities 


| COMPLIANCE MONITORING | MONITORING 


Policy Compliance PCI Compliance File Integrity Monitoring Security Configuration Assessment 
Assess security configurations of IT Automate, simplify and attain PCI Log and track file changes across global IT Automate configuration assessment of 
systems throughout your network compliance quickly systems global IT assets 
Cloud Security Assessment Security Assessment Questionnaire 
Get full visibility and control across Minimize the risk of doing business with 
all public cloud instances vendors and other third parties 


| WEB APPLICATION SECURITY| APPLICATION SECURITY 


Web Application Scanning Web Application Firewall 


Secure web applications with end-to-end Block attacks and virtually patch web 
protection application vulnerabilities 


© Qualys. 


Q4 2018 - more apps to come 


б 2018 : 2019 


Patch Management - beta Global IT Asset Management 
(managed assets) - GA 


| 


Passive Network Senor 
(unmanaged assets) - beta 
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2019 - even more apps to come! 


Secure Enterprise Mobility 
Secure Access Control 

API Security 

Software Composition Analysis 
Breach and Attack Simulation 


Security Data Lake & Correlation Platform 
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Unified Dashboards 
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Dashboards DASHBOARD 
=== 


yment Appl Compliance Dashboard v 


> Last30Days Y o 
TOP EOL SOFTWARE PUBLISHERS TOTAL BY SEVERITY 
Symantec 
Oracle 8.19K 
N 7.19К 
Mozilla T 
5.22K 
Google Еее 
235K 
Microsoft 329 
єз єл 
MISSING PATCHES BY PLATFORM ASSETS WITH ACTIVE ZERO DAY AND NO PATCH AVAILABLE 
88 Server 2016: 3400 
88 Windows 7: 1200 
| Server 2012: 872 
ЮЕ Server 2008: 4300 
88 Windows 10: 3200 
со 
ТОР 5 FAILING POLICIES LICENCE OVERVIEW 
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It’s the Platform! 


(a real one) 


Qualys Cloud Platform 


Looking Under the Hood: What Makes Our Cloud 
Platform so Scalable and Powerful 


Cloud Platform Environment 


Security at scale on hybrid clouds 


15+ products providing 
comprehensive suite of security 
solutions 


10,300+ customers 


7 shared cloud platforms across 
North America, Europe & Asia 


70+ private clouds platforms 


deployed globally... on-prem, AWS, 


Azure, GCP 
16+ PB storage and 16,000 cores 
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Cloud Platform Highlights 


1+ trillion security events annually 
3+ billion scans annually 


2.5+ billion messages daily across 
Kafka clusters 


620+ billion data points indexed in 
our Elasticsearch clusters 


Unprecedented 2-second visibility 
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Qualys Cloud Platform 


Sensors, Data Platform, Microservices, DevOps 


Application Services / Shared Services / Stream & Batch Processing / Reporting / Analytics 
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Cloud Passive Scanners Scanners Appliances Virtual Scanners Internet Scanners 
Agents © Qualys. 


Qualys Sensor Platform 


Scalable, self-updating & centrally managed 


Physical 


Legacy data centers 
Corporate infrastructure 


Continuous security and 
compliance scanning 


® 


Virtual 
Private cloud 
infrastructure 
Virtualized Infrastructure 


Continuous security and 
compliance scanning 


@ 


Cloud/Container 


Commercial laaS & PaaS 
clouds 


Pre-certified in market 
place 


Fully automated with 
API orchestration 


Continuous security and 
compliance scanning 


© 


Cloud Agents 


Light weight, multi- 
platform 


On premise, elastic 
cloud & endpoints 


Real-time data collection 


Continuous evaluation 
on platform for security 
and compliance 


Passive 


Passively sniff on 
network 


Real-time device 
discovery & 
identification 


dentification of APT 
network traffic 


Extract malware files 
rom network for 
analysis 


[s] 


API 


Integration with Threat 
Intel feeds 


CMDB Integration 


Log connectors 


Data Platform-as-a-Service 


Right database for the right use 
case 


* Highly scalable architecture 
* Predictable performance at scale 
* Distributed and fault-tolerant 


e Multi-datacenter support e 
* Open-source cassandra 
e Commodity hardware 4% elastic 


Ц 


SH redis E 
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Data Platform-as-a-Service 


Asynchronous, 
event-driven 
architecture 


Foundation for 
Qualys Cloud 
Platform 


Over 2.5 billion 
messages per day 


4» elastic 
Elasticsearch 


Search for anything 


Over 620 billion 
data points indexed 


Estimating about 1 
trillion data points 
be year end 


292 Cassandra 


Cassandra 


Low latency 
storage 


Source of truth for 
data across 
multiple products 


8 redis 


Redis 
In-memory cache 


Improved system 
performance for 
frequently 
accessed data 
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Ceph 
Object storage 


Moving Oracle and 
in-house blob 
storage into Ceph 


Microservices & Cloud Native Architectures 
Reduce risk and ship faster 


Change how we design and build 


к В j ЖЕ ==. 
applications and services Q9) (O7 € 


y y 
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e Monoliths to microservices 

* Well defined APIs 

e Packaged in containers e => С e 
“ Deployed on elastic infrastructure - — 
e 12-Factor apps 

e CI/CD, Service Registry, Config Servers 


kubernetes 
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DevOps - Increased Efficiency 


Goal is to make software 
delivery vastly more efficient 


Supporting about 80 shared ad azon 
| ЕШ webservices 

and private cloud PRIVATE CLOUD 

deployments 


icrosoft Azure (С 5 ІВМ Cloud 


Google Cloud Platform 
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Automation - Infrastructure as Code 


Treat systems running your 


software as if they themselves 
di kubernetes 
are software 8 


Automate чи Terraform ANSIBLE 
e Infra provisioning | 
* Configuration management V Vault (2: Consul 


* Deployments... | 
Ө Jenkins 


.. all using code 
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Monitoring Systems - Observability 


Centrally monitor across all 


platforms using а single-pane Ф Prometheus IS Grafana 
d = elasticsearch L logstash к. кірапа 
End-to-end monitoring using 
* Time series metrics 

* Distributed tracing pagerduty 2 catchpoint: 
* | og aggregation & analytics 

* Alerting 


A. nppDunamics 88 kafka splunk> 
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Integrated Security - DevSecOps 


Built-in security practices ae 
across the DevOps lifecycle vti а 


Qualys-on-Qualys roro wie anse 
e Manage vulnerabilities 


| VM ЅСА | | TP PC IOC 
e Secure and shield web apps 
e Validate file integrity (Fm) 
e Monitor systems 
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Qualys Cloud Platform 


of Applications 
р Authentication Authorization Subscription Indexing Data Sync Tagging 
Shared Services Service Service Service Service Service Service 


Messaging, Data, (ж. - 4. | . | 
Analytics Platform $ kafka == Aceph %» elastic SE Qa redis Qarlink 


cassandra 


Infrastructure and Logging Monitoring Config Mgmt. 2. CI/CD 2. 
DevOps Toolchain ету 
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Qualys Cloud Applications 


Asset Inventory 


Maintain full, instant visibility of all your 
global IT assets 


CMDB Sync 


Synchronize asset information from 
Qualys into ServiceNow CMDB 


Certificate 
Inventory: 5/51. digital certificates on 


a global scale 


ci | Cloud Inventory с 


Inventory of all your cloud assets across 
AWS, Azure, GCP and others 
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Vulnerability Management 


Continuously detect and protect against 
attacks, anytime, anywhere 


Container Security 


Discover, track, and continuously protect 
containers 


Threat Protection 
Pinpoint your most critical threats 
and prioritize patching 

cra| Certificate Assessment 


Assess all your digital certificates for TLS/ 
SSL vulnerabilities 


c| Indication of Compromise 


Continuously monitor endpoints to detect 
suspicious activity 


Continuous Monitoring 


Alerts you in real time about network 
irregularities 


Patch Management (Beta) 


Select, manage, and deploy patches to 
remediate vulnerabilities 


| COMPLIANCE MONITORING | MONITORING 


Policy Compliance 


Assess security configurations of IT 
systems throughout your network 


Cloud Security 
Assessment, and control across 


all public cloud instances 


PCI Compliance 


Automate, simplify and attain PCI 
compliance quickly 


Security Assessment 
Questionnaire; doing business with 


vendors and other third parties 


File Integrity Monitoring (sca) Security Configuration 
Assessmenturation assessment of 


global IT assets 


Log and track file changes across global IT 
systems 


| WEB APPLICATION SECURITY| APPLICATION SECURITY 


(чл) Web Application 


Seanningpplications with end-to-end 
protection 


(war) Web Application 
Firewall... and virtually patch web 


application vulnerabilities 
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Advanced Correlation & Analytics 


ML/AI Service Orchestration & Automation UEBA 
Patterns | Outlier | Predictive SoC Integration | Playbooks | Response User & Entity Behavior Analytics 
Threat Hunting Security Analytics Advanced Correlation 
Search | Exploration | Behavior Graph Anomaly | Visualization | Dashboard Actionable Insights | Out-of-box Rules 


Qualys Security Data Lake Platform 


Data Ingestion | Normalization | Enrichment | Governance 
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Network Security Server End Point Qualys Apps Apps Cloud Users loT 


Qualys Quick Connectors 
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Thank You 


Sumedh Thakar 
sthakar@qualys.com 


